CS-5 On the Campaign Trail: Ferreting out Persistent Attackers

The modern threat landscape is awash in malicious activity, ranging from opportunistic attackers seeking to steal financial data, to politically motivated hacktivists seeking to make a point, to motivated, well-resourced actors fixated on breaking into your network. Too often, security operations centers are stuck in a repetitive loop of malware-driven, manual anti-virus detection and response. This distracts from the more insidious attack campaigns burrowing deep into the network to compromise valuable data assets. We will discuss the use of hunting on the network to seek out these infections and track the campaigns that represent the gravest threats to the network. Live demonstrations of tools to analyze packets, malware, and DNS transactions and to manage intelligence will be a cornerstone of the talk.